Company:
Date Published:
Author: Dillon Watts (Guest Contributor)
Word count: 2519
Language: English
Hacker News points: None

Summary

This article explores the automation and governance of GitHub Runners using Nix, Terraform, and Doppler, emphasizing the integration of Doppler's Change Requests, Policies, and Analytics features to enhance security and operational efficiency. It outlines a system for deploying and managing macOS runner environments consistently and securely, leveraging Nix with Home Manager for environment consistency, Terraform for orchestration, and Doppler for secrets management. The article also highlights the importance of structured change request workflows and the use of Doppler's Analytics Dashboard to gain insights into secret usage, ensuring a proactive security stance. By employing these tools and processes, the setup aims to streamline CI/CD operations while maintaining robust governance and visibility, ultimately fostering a secure and efficient environment for managing GitHub Actions runners.